Cryptography 101

EECS710: Info Security and AssuranceProfessor Hossein Saiedian

Resources: Terry Ritter’s Learning About Cryptography, Network Associates’ An Introduction to Cryptography, course textbooks

2

What is cryptography• Cryptography: transforming (enciphering)

plaintext into a form where the original info is present but hidden Plaintext: data that can be read w/o any

special tool Ciphertext: result of encryption; unreadable

data• Given a plaintext, many transformations

are possible; to expose the info one may have to try all (on average, half) of possible transformations

3

An elementary school approach• On a sheet of paper, write the alphabets in

order in one column; write the same alphabets randomly (but uniquely) in the second columnA WB JC R… …

• To encipher a plaintext, substitute each letter with the associated letter from the second column

4

An elementary school example• Suppose we have the following substitutionABCDEFGHIJKLMNOPQRSTUVWXYZQAZWSXEDCRFVTGBYHNUJMIKOLP

• Plaintext message: MEET ME AT SIX• Enciphered message: TSSJ TS QJ UCO• The Caesar cipher

En(x) = (x + n) mod 26Dn(x) = (x - n) mod 26For Caesar cipher: n = 3

5

A middle school approach• Singe (simple) substitution: the key is one

particular permutation (arrangement) of the alphabet; once the sheet revealed, it is no longer good

• But one can create a notebook of different permutations for the second column, each on a page; the key will be the page number

• If the notebook is exposed, one must try all (or at least half) transformations

6

Weak vs. strong transformation

• Simple substitution is weak: the more often a particular letter is used, the more often the ciphertext letter appears Languages use some letters (or letter

combinations) more than others, and thus possible to guess

• One solution: increase the size of the cipher alphabet Instead of single letters, use pairs of letters For example, replace A with WK At least 26 × 26 = 676 transformations

7

Weak vs. strong transformation [2]• How about expanding: instead of a pair of

letters, select triplets, four quadruples, …• Soon a computer will be needed to do the

operations• A conventional (block) cipher: A much larger

alphabet• A 64-bit (eight character) block cipher:

instead of using 26 letters, views each 2^64 values as a separate letter 18,000,000,000,000,000 “letters”!

8

Keyspace for an 8-bit key• A notebook with 256 pages: 256 different

keys• Decimal 256 = Binary 100000000 = 2^8

= 8 bit• Thus an “8 bit” keyspace gives 256 unique

key values• If we choose one of the keys, one would

have to try 256 (or probably only 128) keys to break

• Thus a low design strength

9

Keyspace for longer than 8-bit keys• A 65,536 page notebook offers a “16 bit”

keyspace• That is 256 times that of an “8 bit” while

the key has 8 bits more• A “56 bit” keyspace: 7 × 10^16 different

keys Broken via brute force in 56 hours!

• A “128 bit” (16 characters): 3.40282367 × 1038

Strong enough

10

What cryptography can and cannot do• It can hide to facilitate confidentiality and

authentication• It cannot hide contraband, a luxury

lifestyle with no visible means of support, informants, or undercover spying

• Keys can be lost, forgotten, stolen, or revealed for payment or under duress

11

Encryption/decryption process• Encryption: the process of disguising

plaintext• Decryption: the process of reverting

ciphertext to its original plaintext

12

Other related terms• Cryptanalysis: the science of analyzing

and breaking secure communications Analytical reasoning/math Pattern matching Patience, determination, good luck

• Cryptography: the science of information security

• Cryptology: cryptography + cryptanalysis

13

Strong vs. weak cryptography• Strength is measured in the time and

resources required to recover a plaintext• Strong cryptography: very difficult to

decipher A billion computers doing a billion checks a

second, it is not possible to decipher the result of strong cryptography in a billion year

14

How does it work• A mathematical function

• Strength: (1) algorithm, (2) secrecy of the key

15

Conventional cryptography• AKA symmetric key• One key is used for encryption/decryption• Example: the Data Encryption Std (DES)

used by the fed government

16

Conventional cryptography approaches• Substitution: changes (substitutes) characters

in plaintext to produce ciphertext Example: Caesar cipher where the letters are offset

by 3 (or in general n) positions SECRET VHFUHW

• Transposition: rearranges the characters in the plaintext to produce ciphertext Example: the “rail fence” cipher where plaintext is

written in two rows preceding down, then across SECRET SCE SCEERT ERT

17

A longer example of transposition encipher• The number of rows is explicitly defined; pad

with dummy characters to fill• An example of 3-row fence MTSPNRIE EAIMDBDX ETXUERGY• Read off/send : MTSPNRIEEAIMDBDXETXUERGY• May send in 4-char groups to avoid errors (also

for better management and to confuse intruders)

MTSP NRIE EAIM DBDX ETXU ERGY

18

A longer example of transposition encipher [2]• To decipher MTSP NRIE EAIM DBDX ETXU ERGY

1. Run the letters into a long string MTSPNRIEEAIMDBDXETXUERGY

2. Since there are 3 rails, divide into 3 groups of 8 MTSPNRIE EAIMDBDX ETXUERGY

3. Write the first letter of group 1, group 2, and group 3 followed by the second letter of group 1, etc.

MEETATSIXPMUNDERBRIDGEXY MEET AT SIX PM UNDER BRIDGE XY

19

Benefits of conventional encryption• Very fast• Useful for encrypting local data that is not

going anywhere• Expensive for data transmission

How to distribute the key

20

Public key encryption• Addresses key distribution• Asymmetric scheme• Uses a pair of keys

Public key: used to encrypt data Private key: used to decrypt data Public key is public and publically advertised Private key is kept secret Computationally infeasible to deduce the

private key from the public key• An example: PGP

21

Public key encryption illustrated

22

Benefits of the public key approach• No need for sender and receiver to share a

key• All communications involve public keys;

private keys are never transmitted• Examples of public key cryptosystems

Elgamal (named for its inventor, Taher Elgamal) RSA (named for its inventors, Ron Rivest, Adi

Shamir, and Leonard Adleman) Diffie-Hellman (named for its inventors), and DSA, the Digital Signature Algorithm (invented by

David Kravitz)

23

How PGP works• Combines the best features of conventional

and public cryptography1. PGP compresses the plaintext: saves

modem transmission and disk space and strengthens security (complicates patterns)

2. PGP creates a session key: a one-time-only secret key (generated from the random movement of the mouse/keyboard strokes)

3. The plaintext is encrypted via a fast algorithm and the session key

24

How PGP works [2]4. The session key is encrypted using the

recipient's public key and transmitted

25

How PGP works [3]4. Decryption works in reverse: the session

key is recovered (by the recipient's private key) and is used to decrypt the ciphertext

26

The benefits of the PGP• A combination of two methods

Convenience of the public key: no key-distribution concerns

Speed of conventional encryption: about 1,000 faster than the public key encryption

27

The key issues• A value that works with encryption algorithms

to produce a ciphertext• Big, big numbers: measures in bits: 1,024 bits• The bigger the key, the more secure ciphertext• Public key size and conventional cryptography

secret key sizes are unrelated A conventional 80-bit key has the same strengths of

a 1,024-bit public key The bigger the key, the more secure but the

algorithms used for each is different (a comparison is like comparing apple and oranges)

28

The key issues [2]• Public and private keys are mathematically

related but difficult to derive a private key from its public key

• Pick large keys to be secure; small enough to be applied quickly

• Large keys are good for a longer periods of time• Keys are stored in encrypted form; PGP stores

on the hard-drive as keyrings one for public and one for private uses If the private key is lost, one will be unable to recover

decrypted data

29

Digital signatures• A benefit of public key• Enable the recipient to verify the

authenticity of the information’s origin, and also verify that the information is intact Provides for authentication and data integrity

• Also provides non-repudiation: prevents the sender from claiming that he/she did not send the information

30

Digital signatures [2]• Authentication

Similar to a handwritten signature but superior in that it is nearly impossible to counterfeit

You may not care if anyone learns that you just deposited $500 in an account, but you do want to be sure it was the bank teller you were communicating with

• Integrity To verify and ensure that the information was

not altered

31

How digital signature works

32

How digital signature works [2]• Problem with the above approach? SLOW• Data size to communicate too large (at least

double the original)• Alternative to expedite?

Use hash functions “A hash function is any well-defined procedure or

mathematical function that converts a large, possibly variable-sized amount of data into a small datum, usually a single integer”

• Create a message digest to sign the message

33

Message digests• Objective: to verify that the message received

is the same as the message sent• How: hash function (checksum function)

-- h: A B-- A: a message of any length (millions of bits)-- B: A fixed length output, e.g., 160 bit-- h: ensures that if A is changed in anyway (even one bit), an entirely different output is produced

• PGP calls B a message digest (used for creating signatures); one cannot alter the signature or attach to another document

34

Hash function (h: A B) properties• Easy to compute• For any y in B, infeasible to find x in A such

that h(x) = y• For any x, x’ in A, x ≠ x’, infeasible to have h(x) = h(x’)• Given any x in A, infeasible to find x’ in A

and x ≠ x’ and h(x’) = h(x)

35

Side note: pigeonhole principle• If there are n containers and n+1 objects,

at least one container will have to hold two objects

• So what? If a hash function produces 3-bit hashes and we have a set of 5-bit messages, it implies: a^3 = 8 hashes 2^5 = 32 messages Thus large hash sizes are better

36

How a hash function is used

37

Digital envelopes• Creating a digital envelop (an encrypted

message; no digital signature attached)

38

Digital envelopes [2]• Opening a digital envelop

39

Diffie-Hellam public key agreement• A relatively fast public key agreement• Relies on two functions, p (prime) and g

(generator), and two random numbers x and y

• Everything exchanged in clear text• Six step process• Works like magic!

40

Diffie-Hellam public key agreement [2]• Party X and Party Y agree on Diffie-Hellman p and g;

exchange these in clear• Party X generates random number x Party Y generates random number y• Party X computes x’ = g^x mod p Party Y computes y’ = g^y mod p• The two parties exchange x’ and y’ in clear• Party X computes kx = y’^x mod p Party Y computes ky = x’^y mod p kx = y’^x mod p = g^(xy) mod p = x’^y mod p = ky

• Subsequent encryption with kx or ky

41

Diffie-Hellam public key agreement [3]

42

Digital certificates• One concern with the public key approach:

must ensure that you are encrypting to the correct person’s public key Otherwise, you can only encrypt/decrypt to

those key handed to you• A solution: digital certificates (or certs)• A form of credentials (like a physical

passport)• Included with a person’s public key to

verify that a key is valid

43

Components of a digital certificate• A digital certificate

A public key Certificate info (identifying information such as

name, ID) One (or more) digital signatures A stamp of approval from a trusted entity

• Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)

44

Components of a digital certificate [2]

45

Digital certificate distribution• Digital servers: a networked database that

allows users to submit and receive digital certs Example: PGP Keyserver

• Public Key Infrastructures (PKIs) Storage facilities like the certificate servers More structured Provide additional key management services Issue revoke, store, and trust certificates Certificate authority: a group of human beings

authorized to issue certs (like a passport office)

46

Common certificate format• The certificate holder’s public key: the public

portion of key pair and key algorithm, e.g., RSA• The certificate holder’s information: identity

information about the user (e.g., name, user ID, email address, photograph, and so on)

• The digital signature of the certificate owner: the signature using the corresponding private key of the public key of the certificate

• The certificate’s validity period: the certificate’s start date/time and expiration date/time; The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish

47

Common certificate format [2]

48

Other substitution techniques• Choose a keyword, e.g., Jayhawk, drop

repeated letters, thus jayhwk• The keyword defines the permutation of

English letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ

jayhwkbcdefgilmnopqrstuvxz • Another keyword: Professional ABCDEFGHIJKLMNOPQRSTUVWXYZ

profesinalbcdghjkmqtuvwxyz

49

Other substitution techniques [2]• Use every third letter (apply mod 26)

adgjmpsvybehknqtwzcfilorux• Consider any possible permutation of the

English letters How many? 26! Even applying decryption at 1 microsecond, still

takes over 1,000 years The primary issue: the knowledge of letter patterns

in a text Solution: Avoid using the same substitution for a

letter

50

One-time pads (using Vigenere tableau)• Assume a set of large, non-repeating keys written

on sheets of paper, glued into a pad• Assume keys are 20 characters• Assume a text that is 300 characters• Sender tears off 15 pages from the pad• Sender writes the keys one at a time above the

text letters and enciphers in a prearranged chart• Receiver must have the same pad• Concerns: (1) key distribution, (2) sender/receiver

must synchronize (3) need unlimited keys

51

One-time pads [2]• A toy example• Assume keys are 5 letters each; assume

these two keys XYSWD and DHJTU• Assume you have a text that is eight

characters, e.g., “fly today”• Need two keys XYSWDDHJTU flytoday• Ciphertext: XYSWDDHJ

52

One-time pads [3]• Using computers, random numbers can be

generated for the keys• To send a 300-letter message

Generate the next 300 random numbers Scale to be between 1-26 Use a number to decipher each letter

53

One-time pads [4]• Pictorially

54

The Vernam cipher (a one-time pad)• Devised by Gilbert Vernam for AT&T• Non-repeating random numbers• How? Consider plaintext Vernam Cipher V E R N A M C I P H E Rord# 21 4 17 13 0 12 2 8 15 7 4 17+rnd 76 48 16 82 44 3 58 11 60 5 48 88= 97 52 33 95 44 15 60 19 75 12 52 105%26 19 0 7 17 18 15 8 19 23 12 0 1cipher T A H R S P I T X M A B

55

An example of combining substitution and transposition• The Soviet encryption during the WWII• Handout

56

How is a key used?• Suppose we have a key, computer• How is it used to encrypt a plaintext?• A toy approach• The key, computer, in ASCII is

Dec: 097 111 109 112 117 116 101 114 Binary: 01100011 01101111 01101101 …

• A plaintext, “secretly” in binary: 01110011 01100101 01100011 …

• XOR the two!

57

How is a key used? [2]• Much more complex in

real algorithms• F is a round function• Ki, for i in 2..16, are new

keys generated from the original key by a complex algorithm

• is the xor operation

58

The key application in DES

59

The key application in AES

60

Key distribution revisited• Five persons need to communicate securely• How many keys should the system maintain?• How many lines of communication? n * (n -1)/2

Two people: 1 line of communication Three people: 3 lines of communication Four people: 6 lines of communication Five people: 10 lines of communication

• Concerns: Maintaining the distributed the keys